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IN THE CLAIMS: 



1 . (CURRENTLY AMENDED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token m emory: 

a token p rocessor, communicatively coupled to the token memory and 
communicatively coupleable to the host processing device via the USB-compliant 
interface, the token p rocessor for providing the host processing device conditional 
access to user private data storablo stored in the token m emory: and 

a user input device, communicatively coupled to the token p rocessor by a path 
distinct from the USB-compliant interface, for accepting an input for processing by 
the token p rocessor to signal authorization of a token p rocessor operation providing 
access to the user private data stored in the token memory , the input in response to a 
message received in the token from the host processing device via the USB-compliant 
interface invoking the token p rocessor operatio n, wherein user authentication occurs 
on the token . 

2. (ORIGINAL) The apparatus of claim 1, wherein the path is entirely 
intemal to the token. 

3. (CANCELED) 

4 (PREVIOUSLY PRESENTED) The apparatus of claim 1, wherein the 
user private data is designated as requiring authorization before access by an 
associated identification stored in the memory. 

5. (PREVIOUSLY PRESENTED) The apparatus of claim 1, wherein the 
user input device comprises at least one pressure-sensitive device actuatable from an 
exterior surface of the token. 

6. (ORIGINAL) The apparatus of claim 5, wherein the input device 
comprises at least one push-button switch. 
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7. (ORIGINAL) The apparatus of claim 1, further comprising: 

an output device, communicatively coupled to the processor by a second path 
distinct from the USB-compliarit interface, for prompting a user to provide an 
authorization of a processor operation. 

8. (ORIGINAL) The apparatus of claim 7, wherein the path and the 
second path are a common path. 

9. (ORIGINAL) The apparatus of claim 7, wherein the output device 
prompts the user to provide an authorization of the processor operation when 
processor operation requires access to the private data stored in the memory. 

10. (ORIGINAL) The apparatus of claim 7, wherein the output device 
comprises at least one light-emitting device. 

1 1 . (ORIGINAL) The apparatus of claim 7, wherein the output device 
comprises at least one aural reproduction device. 

12. (ORIGINAL) The apparatus of claim 7, wherein the output device 
comprises at least one liquid crystal display (LCD). 

13. (ORIGINAL) The apparatus of claim 7, wherein the output device 
provides an alphanumeric message indicating that user input is required. 

14. (ORIGINAL) The apparatus of claim 13, wherein the alphanumeric 
message identifies the processing operation. 

15. (ORIGINAL) The apparatus of claim 13, wherein the alphanumeric 
message identifies a private key. 

16. (CANCELED) 



17. (CANCELED) 
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1 8. (CURRENTLY AMENDED) A method of authorizing access to 
private data stored in a token having a processor communicatively coupled to a host 
processor via a Universal Serial Bus (USB) interface, comprising the steps of: 

authenticating a user identity in the token: 

accepting a conmiand in the token invoking a token processor operation via 
the USB interface; 

accepting a user input signaling authorization of the token processor operation 
via an input device; 

providing the user input to the token processor via a communication path 
distinct from the USB-compliant interface; and 

processing the user input in the token processor to authorize the invoked token 
processor operation, 

1 9. (CURRENTLY AMENDED) The method of claim 1 8, further 
comprising the [[step]] steps of: 

determining if the processor operation requires access to the private data 
stored in the token; and 

prompting a user to authorize the processor operation via an output device 
communicatively coupled to the processor if the processor operation requires access 
to private data stored in a memory in the token. 

20. (ORIGINAL) The method of claim 19, wherein the output device is 
communicatively coupled to the processor by a second commimication path distinct 
from the USB-compliant interface. 

21. (ORIGINAL) The method of claim 20, v^^herein the first path and the 
second path are common. 

22. (ORIGINAL) The method of claim 20, v^herein the step of 
determining if the processor requires access to a private key stored in the token 
comprises the steps of: 
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determining which data stored in the memory is affected by the processor 
operation; and 

determining whether the data affected by the processor operation is associated 
with an identification designating the data as a private key. 

23. (ORIGINAL) The method of claim 20, wherein the path is entirely 
internal to the token. 

24. (ORIGINAL) The method of claim 20, wherein the input device is a 
pressure-sensitive device actuatable fi-om an exterior surface of the token. 

25. (ORIGINAL) The method of claim 24, wherein the input device is a 
push-button switch actuatable fi-om an exterior surface of the token. 

26. (ORIGINAL) The method of claim 20, wherein the output device 
comprises at least one light emitting device. 

27. (ORIGINAL) The method of claim 20, wherein the output device 
comprises at least one aural reproduction device. 

28. (CURRENTLY AMENDED) The method of claim [[20]] 20, wherein 
the output device comprises at least one liquid crystal display. 

29. (ORIGINAL) The method of claim 20, wherein the step of prompting 
the user to authorize the processor operation via an output device comprises the step 
of: 

providing an alphanumeric message indicating that user input is required. 

30. (ORIGINAL) The method of claim 29, wherein the alphantmieric 
message identifies the processing operation. 

3 1 . (ORIGINAL) The method of claim 29, wherein the alphanumeric 
message identifies the private data. 
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32. (CANCELED) 

33. (CANCELED) 

34. (ORIGINAL) The method of claim 20, wherein the command is an 
authorization request including a challenge value and the processor operation is a hash 
fiinction using the challenge value and the private data. 

35. (CURRENTLY AMENDED) A program storage device, readable by a 
computer, tangibly embodying at least one program of instructions executable by the 
computer to perform method steps of authorizing access to private data stored in a 
token having a processor commimicatively coupled to a host processor via a Universal 
Serial Bus (USB) interface, the method steps comprising the steps of: 

authenticating, in the token, a user identity; 

accepting a command in the token invoking a token p rocessor operation via 
the USB-compliant interface; 

determining, in the token, if the token p rocessor operation requires access to 
the private data stored in the token; 

prompting the user to authorize the token p rocessor operation via an output 
device communicatively coupled to the token p rocessor by a path distinct from the 
USB-compliant interface if the token p rocessor operation requires access to a private 
data stored in a memory in the token; 

accepting a user input signaling authorization of the token p rocessor operation 
via an input device; and 

providing the user input to the token p rocessor via a communication path 
distinct from the USB-compliant interface. 

36. (ORIGINAL) The program storage device of claim 35, wherein the 
first path and the second path are common. 
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37. (ORIGINAL) The program storage device of claim 35, wherein the 
method step of determining if the processor requires access to a private key stored in 
the token comprises the steps of: 

determining which data stored in the memory is affected by the processor 
operation; and 

determining whether the data affected by the processor operation is associated 
with an identification designating the data as the private key. 

38. (ORIGINAL) The program storage device of claim 35, wherein the 
path is entirely internal to the token. 

39. (ORIGINAL) The program storage device of claim 35, wherein the 
input device is a pressure-sensitive device actuable fi-om exterior surface of the token. 

40. (ORIGINAL) The program storage device of claim 39, wherein the 
input device is a push-button switch actuatable fi*om an exterior surface of the token. 

41 . (ORIGINAL) The program storage device of claim 35, wherein the 
output device comprises at least one light emitting device. 

42. (ORIGINAL) The program storage device of claim 35, wherein the 
output device comprises at least one aural reproduction device. 

43. (ORIGINAL) The program storage device of claim 35, wherein the 
output device comprises at least one liquid crystal display. 

44. (ORIGINAL) The program storage device of claim 35, wherein the 
method step of prompting the user to authorize the processor operation via an output 
device comprises the method step of: 

providing an alphanumeric message indicating that user input is required. 

45. (ORIGINAL) The program storage device of claim 44, wherein the 
alphanumeric message identifies the processing operation. 
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46. (ORIGINAL) The program storage device of claim 44, wherein the 
alphaniimeric message identifies the private data. 

47. (CANCELED) 

48. (CANCELED) 

49. (CURRENTLY AMENDED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token p rocessor, coupled to the token m emory and commimicatively 
coupleable to the host processing device via the USB-compliant interface, the token 
processor for providing the host processing device conditional access to store and 
retrieve data storable in the token m emory, the data including a personal identification 
private to the user; and 

a user input device, commimicatively coupled to the token p rocessor by a path 
distinct fi-om the USB-compliant interface, for accepting a user input describing the 
personal identification , the user input device for authenticating by the token the 
personal identification private to the user . 

50. (ORIGINAL) The apparatus of claim 49, wherein the user input 
device comprises a character input device. 

5 1 . (CURRENTLY AMENDED ) Tho apparatus of claim 50, 
wh e r e in 

A compact personal token, comprising: 

a USB-compliant interface releaseablv coupleable to a host processing device: 
a memorv: 

a processor, coupled to the memorv and commimicatively coupleable to the 
host processing device via the USB-compliant interface, the processor for providing 
the host processing device conditional access to store and retrieve data storable in the 
memorv, the data including a personal identification private to the user: and 
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a user input device, communicatively coupled to the processor by a path 
distinct from the USB-compliant interface, for accepting a user input describing the 
personal identification, the user input device comprising a character input device, 

the character input device compris e s comprising a wheel having an input 
position for each character in an input character set. 

52. (ORIGINAL) The apparatus of claim 51, wherein each character is 
selected by depression of the wheel. 

53. (CURRENTLY AMENDED) The apparatus of claim [[48]] 49, 
wherein the user input device comprises a first pressure sensitive device actuatable 
from an exterior side of the token, and a second pressure sensitive device actuatable 
from the exterior side of the token, wherein actuation of the first pressure sensitive 
device selects a character from a character set, and actuation of the second pressure 
sensitive device enters the character as at least a portion of the personal identification. 

54. (CURRENTLY AMENDED) A method of authentication using a 
token having a processor commxanicatively coupled to a host processor via a Universal 
Serial Bus (USB) compliant interface, comprising the steps of: 

accepting a command in the token invoking a token p rocessor operation via 
the USB-compliant interface; 

determining if the token p rocessor operation requires access to the personal 
identification storable in a memory of the token; [[and]] 

determining if the personal identification is stored in the memory of the token; 

prompting the user to enter a personal identification if the token p rocessor 
operation requires access to the personal identification and the personal identification 
is not stored in the memory of the token; 

accepting a user input comprising a personal identification via an input device; 

authenticating in the token the user input comprising a personal identification 
via an input device: and 

providing the user input to the processor via a commxmication path distinct 
from the USB-compliant interface. 
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55. (CANCELED) 



56. (PREVIOUSLY PRESENTED) The method of claim 54, wherein the 
step of prompting the user to enter the personal identification number comprises the 
step of activating a user output device via a second conimunication path distinct fi-om 
the USB compliant interface. 

57. (ORIGINAL) The method of claim 54, wherein the input device 
comprises a character input device. 

58. (CURRENTLY AMENDED) The method of claim 57, whoroin 

A method of authentication using a token having a processor communicatively 
coupled to a host processor via a Universal Serial Bus (USB) compliant interface, 
comprising the steps of: 

accepting a command in the token invoking a processor operation via the 
USB-compliant interface: 

determining if the processor operation requires access to the personal 
identification storable in a memory of the token: 

determining if the personal identification is stored in the memory of the token: 

prompting the user to enter a personal identification if the processor operation 
requires access to the personal identification and the personal identification is not 
stored in the memory of the token: 

accepting a user input comprising a personal identification via an input device: 

and 

providing the user input to the processor via a communication path distinct 
firom the USB-compliant interface, wherein the input device comprises a character 
input device , the character input device compriscg comprising a wheel having an input 
position for each character in an input character set. 



59. (ORIGINAL) The method of claim 58, wherein each character is 
selected by depression of the wheel. 
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60. (ORIGINAL) The method of claim 54, wherein the user input device 
comprises a first pressure sensitive device actuatable from an exterior side of the 
token, and a second pressure sensitive device actuatable from an exterior side of the 
token, wherein actuation of the first pressure sensitive device selects a character from 
a character set, and actuation of the second pressure sensitive device enters the 
character as at least a portion of the personal identification. 

61 . (CURRENTLY AMENDED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token memory; 

a token p rocessor, communicatively coupled to the token m emory and 
communicatively coupleable to the host processing device via the USB-compliant 
interface, the token p rocessor for providing the host processing device conditional 
access to user private data storable in the token memory: and 

a user input device, communicatively coupled to the token p rocessor by a path 
distinct from the USB-compliant interface, the user input device for signaling 
authorization of a token p rocessor operation invoked by a message received in the 
token via the USB-compliant interface , wherein the token authenticates user identity . 

62. (ORIGINAL) The apparatus of claim 61, wherein the user input 
device is configured to control an operation of the processor. 

63. (ORIGINAL) The apparatus of claim 61, wherein the operation 
comprises an operation selected from the group comprising: 

an encryption operation; and 
a decryption operation. 

64. (ORIGINAL) The apparatus of claim 61, wherein the operation 
comprises a digital signature operation using a private key stored in the memory. 

65. (ORIGINAL) The apparatus of claim 61, wherein the input device 
comprises at least one pressure-sensitive device actuatable from an exterior surface of 
the token. 
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66. (ORIGINAL) The apparatus of claim 61, wherein the input device 
comprises at least one push-button switch. 

67. (ORIGINAL) The apparatus of claim 61, further comprising an output 
device, communicatively coupled to the processor by path distinct from the USB- 
compliant interface, for providing information regarding the operation of the 
processor. 

68. (ORIGINAL) The apparatus of claim 67, wherein the output device 
comprises at least one light emitting device. 

69. (ORIGINAL) The apparatus of claim 67, wherein the output device 
comprises at least one liquid crystal display. 

70. (ORIGINAL) The apparatus of claim 67, wherein the output device 
comprises at least one aural output device. 

71. (CURRENTLY AMENDED) A method of authorizing access to 
private data stored in a token having a processor communicatively coupled to a host 
processor via a Universal Serial Bus (USB) interface, comprising the steps of: 

authenticating a user identitv in the token: 

accepting a command in the token invoking a token processor operation via 
the USB-compliant interface; 

accepting a user input to control the token processor operation via an input 
device; and 

providing the user input to the token processor via a communication path 
distinct from the USB-compliant interface. 

72. (ORIGINAL) The method of claim 71, wherein the operation 
comprises an operation selected from the group comprising: 

an encryption operation; 
a decryption operation; and 
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a digital signature operation using a private key. 

73. (ORIGINAL) The method of claim 71, wherein the user input device 
comprises at least one pressure sensitive device actuatable from an exterior surface of 
the token. 

74. (ORIGINAL) The method of claim 71, further comprising the step of: 
prompting the user to control the processor operation via an output device 

communicatively coupled to the processor by a second path distinct from the USB- 
compliant interface. 

75. (ORIGINAL) The method of claim 74, wherein the path and the 
second path are common. 

76. (CURRENTLY AMENDED) The method of claim 74, wherein the 
output device is selected from the group comprising: 

a light emitting device; 

[[an]] a liquid crystal display; and 

an aural reproduction device. 

77. (CURRENTLY AMENDED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token m emory: 

a token p rocessor, conmiunicatively coupled to the token memory and 
commimicatively coupleable to tiie host processing device via the USB-compliant 
interface, the token p rocessor for providing the host processing device conditional 
access to data storable in the memor y: the token processor for authenticating a user 
identity : and 

a user output device, communicatively coupled to the USB-compliant 
interface, for providing an indication of a data signal from the USB-compliant 
interface. 



78. (CANCELED) 
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79. (CANCELED) 

80. (CURRENTLY AMENDED) A compact personal token, comprising: 
a USB-compliant interface releaseably coupleable to a host processing device; 
a token m emory; 

a token p rocessor, commxmicatively coupled to the token memory and 
communicatively coupleable to the host processing device via the USB-compliant 
interface, the token p rocessor for providing the host processing device conditional 
access to data storable in the token m emor y, the token processor authenticating a user 
identity : and 

a user output device, conmiunicatively coupled to the token p rocessor. 

8 1 . (ORIGINAL) The apparatus of claim 80, wherein the user output 
device is coupled to the processor by a path distinct from the USB-compliant 
interface. 

82. (ORIGINAL) The apparatus of claim 80, wherein the user output 
device is configured to indicate the operation of the processor. 

83. (ORIGINAL) The apparatus of claim 80, wherein the operation 
comprises an operation selected from the group comprising: 

an encryption operation; 

a decryption operation; and 

a digital signature operation using a private key. 

84. (CURRENTLY AMENDED) The apparatus of claim 80, wherein the 
user output device is selected from a group comprising: 

at least one light emitting device; 

at least one liquid crystal display, display: and 

at least one aural device. 
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85. (ORIGINAL) The apparatus of claim 80, fixrther comprising an input 
device, communicatively coupled to the processor by path distinct from the USB- 
compliant interface, for providing information for the operation of the processor. 

86. (CURRENTLY AMENDED) A method of authorizing access to 
private data stored in a token having a processor communicatively coupled to a host 
processor via a Universal Serial Bus (USB) interface, comprising the steps of: 

authenticating in the token a user identity; 

accepting a command in the token invoking a token p rocessor operation via 
the USB-compliant interface; and 

signaling the token p rocessor operation via a user output device 
communicatively coupled to the token p rocessor via a communication path distinct 
from the USB-compliant interface[[.]]. 

87. (ORIGINAL) The method of claim 86, wherein the operation 
comprises an operation selected from the group comprising: 

an encryption operation; 

a decryption operation; and 

a digital signature operation using a private key. 

88. (CANCELED) 

89. (ORIGINAL) The method of claim 86, wherein the user output device 
is selected from the group comprising: 

at least one light emitting device; 

at least one liquid crystal display; and 

an aural device. 



